When you try to create a new User Access Policy via the settings link, you may encounter the error message "The specified directory service attribute or value does not exist".


Scenario 1

This happens because, if no container is specified, the PrincipalContext class creates a System.DirectoryServices.DirectoryEntry object by binding to the built-in CN=Users container to start searching for users. If the user performing the search does not have permission to read the attributes of the default Users container, the search operation fails and throws the exception "The specified directory service attribute or value does not exist".


Resolution:

Make sure the IIS application pool identity is not running under a local account when you are trying to configure a domain user. If the IIS application pool is running under a domain account, make sure the account has read access on the "User" container.

 

Scenario 2

In the majority of cases you will be fine with the default settings, unless the domain administrator has changed the default container (CN=Users) where the user objects are stored. In such cases, you need to specify your user container so that BizTalk360 knows where to look.


Resolution: 

In order to resolve this issue, you simply add a new setting with key="AD_PATH" and value="<your AD Path>" in the b360_admin_GlobalProperties table.

 

Example SQL:

INSERT INTO dbo.b360_admin_GlobalProperties (SettingKey, SettingValue) VALUES ('AD_PATH', 'OU=Users,dc=kovai,dc=com');
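
To check a candidate AD_PATH value before inserting it, the lookup described in both scenarios can be reproduced with a small console program. This is an added example, not BizTalk360 code; the class name, executable name and arguments are assumptions, and it must be run as the same account as the IIS application pool identity for the permission check to be meaningful.

```csharp
// Added diagnostic example, not BizTalk360 code.
// Requires a reference to System.DirectoryServices.AccountManagement.
// Usage (hypothetical exe name): AdPathCheck.exe <sAMAccountName> "<AD path>"
using System;
using System.DirectoryServices.AccountManagement;

static class AdPathCheck
{
    // container == null reproduces the default bind to CN=Users.
    static bool TryLookup(string container, string samAccountName)
    {
        string label = container ?? "default container (CN=Users)";
        try
        {
            using (var ctx = container == null
                ? new PrincipalContext(ContextType.Domain)
                : new PrincipalContext(ContextType.Domain, null, container))
            using (var user = UserPrincipal.FindByIdentity(
                ctx, IdentityType.SamAccountName, samAccountName))
            {
                Console.WriteLine("[{0}] {1}", label,
                    user != null ? "found: " + user.DistinguishedName
                                 : "bind succeeded, user not found under this container");
                return user != null;
            }
        }
        catch (Exception ex)
        {
            // A missing or unreadable container surfaces here, e.g. as
            // "The specified directory service attribute or value does not exist".
            Console.WriteLine("[{0}] failed: {1}: {2}", label, ex.GetType().Name, ex.Message);
            return false;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: AdPathCheck <sAMAccountName> <AD path>");
            return 2;
        }
        Console.WriteLine("Running as {0}\\{1}", Environment.UserDomainName, Environment.UserName);
        TryLookup(null, args[0]);                  // Scenario 1: default container
        bool viaAdPath = TryLookup(args[1], args[0]); // Scenario 2: explicit AD path
        // Exit code 0 only when the explicit AD path resolves the user.
        return viaAdPath ? 0 : 1;
    }
}
```

If the default lookup fails but the explicit path succeeds, the path passed as the second argument is the value to store under AD_PATH.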